change password code error
- by ejah85
I've created a code to change a password. Now it seem contain an error. When I fill in the form to change password, and click save the error message:
Warning: mysql_real_escape_string() expects parameter 2 to be resource, null given in C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php on line 103
Warning: mysql_real_escape_string() expects parameter 2 to be resource, null given in C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php on line 103
I really don’t know what the error message means. Please guys. Help me fix it.
Here's is the code:
<?php session_start(); ?>
<?php # change password.php
//set the page title and include the html header.
$page_title = 'Change Your Password';
//include('templates/header.inc');
if(isset($_POST['submit'])){//handle the form
require_once('connectioncomplaint.php');//connect to the db.
//include "connectioncomplaint.php";
//create a function for escaping the data.
function escape_data($data){
global $dbc;//need the connection.
if(ini_get('magic_quotes_gpc')){
$data=stripslashes($data);
}
return mysql_real_escape_string($data, $dbc);
}//end function
$message=NULL;//create the empty new variable.
//check for a username
if(empty($_POST['userid'])){
$u=FALSE;
$message .='<p> You forgot enter your userid!</p>';
}else{
$u=escape_data($_POST['userid']);
}
//check for existing password
if(empty($_POST['password'])){
$p=FALSE;
$message .='<p>You forgot to enter your existing password!</p>';
}else{
$p=escape_data($_POST['password']);
}
//check for a password and match againts the comfirmed password.
if(empty($_POST['password1'])) {
$np=FALSE;
$message .='<p> you forgot to enter your new password!</p>';
}else{
if($_POST['password1'] == $_POST['password2']){
$np=escape_data($_POST['password1']);
}else{
$np=FALSE;
$message .='<p> your new password did not match the confirmed new password!</p>';
}
}
if($u && $p && $np){//if everything's ok.
$query="SELECT userid FROM access WHERE (userid='$u' AND password=PASSWORD('$p'))";
$result=@mysql_query($query);
$num=mysql_num_rows($result);
if($num == 1){
$row=mysql_fetch_array($result, MYSQL_NUM);
//make the query
$query="UPDATE access SET password=PASSWORD('$np') WHERE userid=$row[0]";
$result=@mysql_query($query);//run the query.
if(mysql_affected_rows() == 1) {//if it run ok.
//send an email,if desired.
echo '<p><b>your password has been changed.</b></p>';
include('templates/footer.inc');//include the HTML footer.
exit();//quit the script.
}else{//if it did not run OK.
$message= '<p>Your password could not be change due to a system error.We apolpgize for any inconvenience.</p><p>' .mysql_error() .'</p>';
}
}else{
$message= '<p> Your username and password do not match our records.</p>';
}
mysql_close();//close the database connection.
}else{
$message .='<p>Please try again.</p>';
}
}//end oh=f the submit conditional.
//print the error message if there is one.
if(isset($message)){
echo'<font color="red">' , $message, '</font>';
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<body>
<script language="JavaScript1.2">mmLoadMenus();</script>
<table width="604" height="599" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td height="130" colspan="7"><img src="images/banner(E-Complaint)-.jpg" width="759" height="130" /></td>
</tr>
<tr>
<td width="100" height="30" bgcolor="#ABD519"></td>
<td width="100" bgcolor="#ABD519"></td>
<td width="100" bgcolor="#ABD519"></td>
<td width="100" bgcolor="#ABD519"></td>
<td width="100" bgcolor="#ABD519"></td>
<td width="160" bgcolor="#ABD519">
<?php include "header.php"; ?> </td>
</tr>
<tr>
<td colspan="7" bgcolor="#FFFFFF">
<fieldset><legend> Enter your information in the form below:</legend>
<p><b>User ID:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if(isset($_POST['userid'])) echo $_POST['userid']; ?>" /></p>
<p><b>Current Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<p><b>New Password:</b> <input type="password" name="password1" size="20" maxlength="20" /></p>
<p><b>Confirm New Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>
</fieldset>
<div align="center"> <input type="submit" name="submit" value="Change My Password" /></div>
</form><!--End Form-->
</td>
</tr>
</table>
</body>
</html>
